14 matches found
@amedia/brick-mcp (>=0.0.0-vBRAND-20260313141110 <=1.0.3), @area15/ticket-component (=0.1.0) +217 more potentially affected by CVE-2025-32442 +1 more via fastify (>=5.3.2 <=5.8.4)
fastify NPM version =5.3.2, =0.0.0-vBRAND-20260313141110, =2.0.1, =1.1.1, =0.6.2, =0.1.1, =0.1.1, =0.6.0, =0.1.1, =0.0.35, =0.0.82, =0.0.1, =0.0.6, =0.1.68, =0.1.0, =0.8.2 and more Source cves: CVE-2025-32442, CVE-2026-33806 Source advisory: OSV:GHSA-247C-9743-5963...
0uth (>=1.0.5 <=1.2.1), @___d/common (>=1.0.3 <=1.0.27) +2489 more potentially affected by CVE-2026-33806 via fastify (>=4.29.0 <=5.8.4)
fastify NPM version =4.29.0, =1.0.5, =1.0.3, =0.0.3, =1.0.0, =3.0.0, =0.1.0, =0.0.1, =0.1.0, =2.0.0, =1.0.1, =1.6.2, =1.0.3, =0.3.3, =0.7.3 and more Source cves: CVE-2026-33806 Source advisory: SNYK:JS-FASTIFY-16066793...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806 fastify vulnerable to Body Schema Validation Bypass via Leading Space in Content-Type Header
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
CVE-2026-33806
creationtimestamp| type| source
---|---|---
2026-04-14 12:01:45+00:00| published-proof-of-concept| https://github.com/fastify/fastify/security/advisories/GHSA-247c-9743-5963
2026-04-15 00:23:16+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mjimwdlj4k2u
2026-04-15 04:59:25+00:00|...
CVE-2021-33806
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization...
CVE-2024-33806
CVE-2024-33806 affects campcodes Complete Web-Based School Management System 1.0. The vulnerability is in the /model/get_grade.php endpoint, where the id parameter enables a SQL injection. The underlying root cause is improper input handling, allowing an attacker to execute arbitrary SQL commands...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
CVE-2023-33806
Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 allow attackers to execute arbitrary commands...
Chamilo LMS Cross-Site Scripting Vulnerability (CNVD-2022-33806)
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 contains a cross-site scripting vulnerability that could be exploite...
CVE-2021-33806
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization...
CVE-2021-33806
The CVE concerns the BDew BdLib library (Minecraft mod) before version 1.16.1.7, where Java serialization deserializes untrusted data via ObjectInputStream.readObject, enabling remote code execution. Public Red Hat and CNVD/CVE metadata corroborate a Java deserialization flaw that allows arbitrar...
CVE-2024-33806
A SQL injection vulnerability in /model/getgrade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...